Health & Consumer Protection Directorate-General : TRACES Service Level Agreement Consultancy project S t r a t e g i z e P l a n E x e c u t e M a n a g e Member States Interview guide Brussels, October 3rd, 2007

Agenda © 2006 Gartner, Inc. All Rights Reserved. 2

Agenda Project objectives presentation Round table What is a Service Level Agreement ? Service Level Agreement As-Is situation Service Level Requirements definition Methodology presentation SLR definition workshop Current services Constraints and needs Draft of Target services Next steps 3

Project objectives © 2006 Gartner, Inc. All Rights Reserved. 4

Objectives DG for Health & Consumer Protection (DG SANCO) wants to evaluate TRACES Services Level Requirements (SLRs) with Members states representatives to provide services that fit with theirs requirements. TRACES functional requirement specifications are excluded of this evaluation. In order to draw up these requirements, an interview and a workshop meetings will have to be held. The minutes and SLR’s resulting from these meetings will have to be drafted and validated. Following the collection of all Member States’ SLR’s (or only those Member States that take part in the SLA working group), a common ground SLA will have to be drawn up and presented to the Member States. The result should be a negotiated SLA with the Member States structured and organised in the same way as the already available and DG SANCO. 5

Round table © 2006 Gartner, Inc. All Rights Reserved. 6

Team introductions Member States DG SANCO Gartner To Be Defined Member states key users Member States Didier Carton (DCA) Project Sponsor and Content Application manager Herman Brand (HBR) Project manager DG SANCO Patrick Dussac (PDU) Project Manager and Subject Matter Expert Paul Lebouille (PLE) Subject Matter Expert Gartner 7

What are Service Level Agreements ? © 2006 Gartner, Inc. All Rights Reserved. 8

What are Service Level Agreements? The best way to clarify expectations with Members States End users is through SLAs, a “contract” between Members S tates key users and DG SANCO. SLAs are one of the most effective methods for defining the support that the IS organization can and will deliver. Without an established SLA, end users and IS staff will assume implicit SLAs that rarely match. Besides managing expectations, SLAs are useful for obtaining resources. The SLA creation process often highlights the end users' actual vs. perceived requirements, which can then be matched against resources. When designed jointly with End users, SLAs are a powerful aid in building partnerships, assuring customer input to IT planning and providing a measurement base for IS performance. The products and services covered by an SLA must be built around measurable events. This ensures that SLAs can be monitored for meeting performance standards and user expectations. 9

Drivers - Business Synchronisation Key Issue: Which factors are driving the requirements for developing service levels? Drivers - Business Synchronisation Business Processes Suppliers Customers Business Services Business Units and Employees Networks Systems Service-Level Agreements Applications Source: Gartner Research In the big picture, the business gains revenue, profits and shareholder value by providing competitive products and services to its customers. To fulfill promises made to customers and build customer satisfaction, each business unit in the enterprise must work with the others. For example, a company that promises shipment of products within 24 hours of the customer order must have its forecasting, order-processing, purchasing, materials-planning, manufacturing, shipping and invoicing departments synchronized to meet that shipment requirement. These business processes are enabled by the IS organization (with an integrated set of applications atop the IT infrastructure), and it, too, must provide the quality of service required to reach the overall business objective. Quality of service goals are defined with SLAs between the business unit and the IS organization. Setting these SLAs fosters greater business/IT alignment by setting expectations and directing each business unit/IS department and individual toward meeting those expectations. Said another way, SLAs help to direct each business unit, department, vendor or employee’s contribution to the business goals. Thus, business goals are broken down and become people goals. 10

Example of SLA Service description Coverage window Service Level requirements Comment Incident management Business Days Time to resolve Severity 1 Incident : 90% of Incidents < 2 hours Availability of the central application 24x7 Total outage=5 hours per year 99,94% of availability in 24x7 No time for planned outage. The availability is calculated on Application Servers through the Servers LAN. Return To normal Operations after a Disaster RTO = 36h Recovery Point Objective (data loss) RPO = 0% User creation/update/deletion time Business days 3s for 90% of transactions executing a predefined scenario (from/to end-user emulation desktop connected on Server LAN) 11

Service Level Agreement As-Is situation © 2006 Gartner, Inc. All Rights Reserved. 12

As-Is situation No commitment on formal SLA between Members States and DG SANCO about TRACES Only the TRACES application uptime is measured and reported Examples of suggested some service levels: 24 hours per day, 7 days a week availability, 365 days per year, with an acceptable usage response time as established during stress tests, at all time during the week, all days of the year. Maximum down time per disaster incident (severity one), 2 hours. A maximum of 1 such incident per year is acceptable. Maximum down time in case of less severe incidents, 30 minutes. A maximum of 6 such incidents per year and no more than 1 per 2 months is set as acceptable. Monitoring for users outside the Commission has to be included in the monitoring of the TRACES application. Maximum number of revisions per year Timely notification of revisions and updates Maximum response time, before considered unavailable Etc. 13

Service Level Requirements definition © 2006 Gartner, Inc. All Rights Reserved. 14

Methodology Questionnaire: Current services Needs/Constraints Draft of Target services levels 15

Current services What are current service description, services levels and the coverage windows provided for the following domains ? Incident management services Business Requirements General availability and hosting Scope and specification 16

Current services : Incident management services Service description Coverage window Service Level requirements Comment To be filled before the meeting. 17

Current services : Business requirements Service description Coverage window Service Level requirements Comment To be filled before the meeting. 18

Current services : General availability and hosting Service description Coverage window Service Level requirements Comment To be filled before the meeting. 19

Current services : Scope and specification Service description Coverage window Service Level requirements Comment To be filled before the meeting. 20

Needs and constraints What are your constraints and needs related to? Incident management Business criticality, Incident severity Time to respond/solve a Severity 1/2 Incidents for TRACES/Email/Datawarehouse Business requirements User/Certificate/DVCE management (creation/update/deletion/etc. time) Time to find user/organization/authority Time to examine certificate/statistic Time to transfer Certificate/DVCE to/from the Datawarehouse 21

Needs and constraints What are your constraints and needs related to? General availability and hosting Data security, confidentiality and location Availability, downtime and planned outage Return to normal operations after a Disaster Recovery point objective (data loss) Etc. 22

Draft of Target services What are the service description, the coverage windows and service levels required ? Incident management Business requirements General availability and hosting New requirement management 23

Draft of Target services : Incident management services Service description Coverage window Service Level requirements Comment To be filled during the meeting. 24

Draft of Target services : Business requirements Service description Coverage window Service Level requirements Comment To be filled during the meeting. 25

Draft of Target services : General availability and hosting Service description Coverage window Service Level requirements Comment To be filled during the meeting. 26

Draft of Target services : New requirements management Service description Coverage window Service Level requirements Comment To be filled during the meeting. 27

Next steps © 2006 Gartner, Inc. All Rights Reserved. 28

Next steps 9/10 : DG SANCO works in back office DG SANCO analyses the draft of Target services required by Member States (SLRs) DG SANCO suggests a common ground SLA 12/10 : Half-day workshop with Member States DG SANCO presents the common ground SLA to Member States DG SANCO and Member States discuss, amend and agree on the common ground SLA DG SANCO produces a negotiated SLA 19/10 : DG SANCO works in back office DG SANCO finalizes the negotiated SLA DG SANCO produces the Final Target SLA 29

End of presentation Contact: Patrick Dussac, Associate Director S t r a t e g i z e P l a n E x e c u t e M a n a g e Contact: Patrick Dussac, Associate Director patrick.dussac@gartner.com +33 6 03 79 38 41